
A Software Watermarking Method Based on Quantitative Analysis of Program Execution Time

ZHANG Yingjun, CHEN Kai, BAO Xuhua

Citation: Yingjun ZHANG, Kai CHEN, Xuhua BAO. A Software Watermarking Method Based on Program Execution Time[J]. Journal of Electronics and Information Technology, doi: 10.11999/JEIT190850

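    About the authors: ZHANG Yingjun: female, born 1982, associate researcher; main research interests: security evaluation and system security;
    CHEN Kai: male, born 1982, researcher; main research interests: system security and artificial intelligence security;
    BAO Xuhua: male, born 1977, senior engineer; main research interest: information security
    Corresponding author: BAO Xuhua, xuhua.bao@outlook.com
  • Funding: National Key R&D Program of China (2016QY04W0805), National Natural Science Foundation of China (U1836211), Open Project of the National Engineering Laboratory for Big Data Collaborative Security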

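Abstract: A major problem facing application software today is that attackers use software plagiarism, repackaging and similar techniques to load malicious payloads or advertisements into legitimate applications and publish the result as new software, threatening the legitimate rights and interests of users and application authors. To evaluate security risks such as application plagiarism and repackaging, this paper proposes a software watermarking method based on quantitative analysis of program execution time (SW_PET). The method generates multiple groups of operations whose effects cancel each other out, uses them to encode the watermark information as execution times, and embeds them in the application. During detection, the corresponding watermark information is extracted and checked against the original watermark associated with the earlier time encoding: the execution times of the different operations are compared to determine watermark similarity, which in turn establishes whether the original watermark is present and whether the application is legitimate. The method can also be combined with other types of watermark information to strengthen the robustness of the watermark. Finally, a simulator is built to compare and judge the watermark information of different applications, verifying the effectiveness of the method.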


    [1] LIN Di. China ranked first worldwide in app downloads in 2018: 50% of the global total[EB/OL]. https://www.sohu.com/a/289551518_162522, 2019.

    [2] ZHOU Wu, ZHANG Xinwen, and JIANG Xuxian. AppInk: Watermarking android apps for repackaging deterrence[C]. The 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. Hangzhou, China, 2013: 1–12. doi: 10.1145/2484313.2484315.

    [3] ZHOU Wu, ZHOU Yajin, JIANG Xuxian, et al. Detecting repackaged smartphone applications in third-party android marketplaces[C]. The 2nd ACM Conference on Data and Application Security and Privacy. San Antonio, United States, 2012: 317–326. doi: 10.1145/2133601.2133640.

    [4] Arxan Technologies. State of security in the App Economy: Mobile apps under attack[EB/OL]. http://www.arxan.com/assets/1/7/state-of-security-appeconomy.pdf, 2012.

    [5] CHEN Kai, ZHANG Yingjun, and LIU Peng. Leveraging information asymmetry to transform android apps into self-defending code against repackaging attacks[J]. IEEE Transactions on Mobile Computing, 2018, 17(8): 1879–1893. doi: 10.1109/TMC.2017.2782249.

    [6] CHEN Kai, LIU Peng, and ZHANG Yingjun. Achieving accuracy and scalability simultaneously in detecting application clones on android markets[C]. The 36th International Conference on Software Engineering. Hyderabad, India, 2014: 175–186. doi: 10.1145/2568225.2568286.

    [7] CRUSSELL J, GIBLER C, and CHEN Hao. AnDarwin: Scalable detection of semantically similar android applications[C]. The 18th European Symposium on Research in Computer Security on Computer Security. Egham, UK, 2013: 182–199. doi: 10.1007/978-3-642-40203-6_11.

    [8] Guardsquare. ProGuard[EB/OL]. http://proguard.sourceforge.net/, 2013.

    [9] Guardsquare. A specialized optimizer and obfuscator for android[EB/OL]. http://www.saikoa.com/dexguard, 2013.

    [10] CHEN Mingqi, NIU Xinyi, and YANG Yixian. The attack methods of digital watermarking[J]. Journal of Electronics & Information Technology, 2001, 23(7): 705–711.

    [11] MAO Qiong, CHEN Mingqi, XIA Guangsheng, et al. The research of secure digital watermarking architecture[J]. Journal of Electronics & Information Technology, 2001, 23(9): 833–840.

    [12] HAMILTON J and DANICIC S. A survey of static software watermarking[C]. 2011 World Congress on Internet Security. London, UK, 2011: 100–107. doi: 10.1109/worldcis17046.2011.5749891.

    [13] MONDEN A, IIDA H, MATSUMOTO K, et al. A practical method for watermarking java programs[C]. The 24th Annual International Computer Software and Applications Conference. Taipei, China, 2000: 191–197. doi: 10.1109/CMPSAC.2000.884716.

    [14] VENKATESAN R, VAZIRANI V, and SINHA S. A graph theoretic approach to software watermarking[C]. The 4th International Workshop on Information Hiding. Pittsburgh, USA, 2001: 157–168. doi: 10.1007/3-540-45496-9_12.

    [15] COUSOT P and COUSOT R. An abstract interpretation-based framework for software watermarking[C]. The 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. Venice, Italy, 2004: 173–185. doi: 10.1145/964001.964016.

    [16] NAGRA J and THOMBORSON C. Threading software watermarks[C]. The 6th International Workshop on Information Hiding. Toronto, Canada, 2004: 208–223. doi: 10.1007/978-3-540-30114-1_15.

    [17] COLLBERG C, HUNTWORK A, CARTER E, et al. More on graph theoretic software watermarks: Implementation, analysis, and attacks[J]. Information and Software Technology, 2009, 51(1): 56–67. doi: 10.1016/j.infsof.2008.09.016.

    [18] COLLBERG C, CARTER E, DEBRAY S, et al. Dynamic path-based software watermarking[J]. ACM Sigplan Notices, 2004, 39(6): 107–118. doi: 10.1145/996893.996856.

    [19] COLLBERG C, CARTER E, DEBRAY S, et al. Dynamic path-based software watermarking[C]. The 2004 ACM SIGPLAN Conference on Programming Language Design and Implementation, Washington, USA, 2004: 107–118. doi: 10.1145/996841.996856.

    [20] ZENG Lingling, REN Wei, LEI Min, et al. DroidMark: A lightweight android text and space watermark scheme based on semantics of XML and DEX[C]. The 5th International Conference on Emerging Internetworking. Wuhan, China, 2017: 756–766. doi: 10.1007/978-3-319-59463-7_75.

    [21] COLLBERG C and THOMBORSON C. Software watermarking: Models and dynamic embedding[C]. The 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. San Antonio, USA, 1999: 311–324. doi: 10.1145/292540.292569.

    [22] ZHANG Yingjun and CHEN Kai. AppMark: A picture-based watermark for android apps[C]. The 8th International Conference on Software Security and Reliability (SERE). San Francisco, USA, 2014: 58–67. doi: 10.1109/SERE.2014.19.

    [23] WANG Yemao and CHE Shengbing. Summary on software watermarking and its research progress[J]. Computer Applications and Software, 2015, 32(4): 6–10. doi: 10.3969/j.issn.1000-386x.2015.04.002.


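  • Figure 1  Flowchart of the watermarking method based on quantitative analysis of program execution time

    Figure 2  Example of program-related encoding

    Figure 3  Example of using code from the original program as the watermark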

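    Table 1  Main operation types

    Operation type    Operation         Example
    Arithmetic        Addition          x = x + y, x = x + C, etc.
                      Subtraction       x = x - y, x = x - C, etc.
                      Multiplication    x = x × y, x = x × C, etc.
                      Division          x = x / y, x = x / C, etc.
    Logical           Logical AND       x = x && y, x = x && C, etc.
                      Logical OR        x = x || y, x = x || C, etc.
                      Logical NOT       x = !x
    Bitwise           Bitwise AND       x = x & y, x = x & C, etc.
                      Bitwise OR        x = x | y, x = x | C, etc.
    Shift             Left shift        x = x << y, x = x << C, etc.
                      Right shift       x = x >> y, x = x >> C, etc.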

    Table 2  Time-encoding sequence of "mark"

    Watermark letter    Operation code
    m                   x = x + y; x = x - y
    a                   x = x × y; x = x / y
    r                   x = x + y; x = x - y; x = x × y; x = x / y
    k                   y = x; x = (x>>2); y = x & 0x3; x = (x<<2)|y

    Table 3  Time-encoding sequence of "mark"

    Watermark letter    Operation code                                    Time (μs)
    m                   x = x + y; x = x - y                              2.14
    a                   x = x × y; x = x / y                              4.04
    r                   x = x + y; x = x - y; x = x × y; x = x / y        7.14
    k                   y = x; x = (x>>2); y = x & 0x3; x = (x<<2)|y      6.19
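Added example (not code from the paper or from this page): a small detector for the timing watermark that uses the Table 3 times as the codebook for "mark". The nearest-codeword matching, the least-squares device-speed normalisation, the 7% tolerance, the 0.75 threshold and the sample traces are assumptions made for illustration; the page does not give the paper's own similarity measure.

```python
# Added example, not the paper's code: verify the "mark" timing watermark.
# Codebook values come from Table 3; everything else is an assumption.
CODEBOOK_US = {"m": 2.14, "a": 4.04, "r": 7.14, "k": 6.19}  # letter -> time (μs)


def estimate_scale(measured_us, original, codebook=CODEBOOK_US):
    """Least-squares device speed factor s such that measured ≈ s * expected."""
    expected = [codebook[ch] for ch in original]
    if len(measured_us) != len(expected):
        raise ValueError("one timing per watermark letter is required")
    num = sum(m * e for m, e in zip(measured_us, expected))
    return num / sum(e * e for e in expected)


def decode(measured_us, scale=1.0, rel_tol=0.07, codebook=CODEBOOK_US):
    """Map each normalised timing to its nearest codeword; '?' if outside rel_tol."""
    out = []
    for t in measured_us:
        t_norm = t / scale
        letter, ref = min(codebook.items(), key=lambda kv: abs(kv[1] - t_norm))
        out.append(letter if abs(ref - t_norm) <= rel_tol * ref else "?")
    return "".join(out)


def verify(measured_us, original="mark", threshold=0.75):
    """Return (decoded, similarity, present) for one suspect timing trace."""
    scale = estimate_scale(measured_us, original)
    decoded = decode(measured_us, scale)
    score = sum(d == o for d, o in zip(decoded, original)) / len(original)
    return decoded, score, score >= threshold


# Constructed traces in μs; these are not measurements from the paper.
SAME_DEVICE = [2.20, 3.95, 7.30, 6.10]      # watermarked app, small jitter
SLOWER_DEVICE = [3.30, 5.90, 10.90, 9.20]   # same app on a ~1.5x slower CPU
STRIPPED = [2.10, 2.05, 2.20, 2.15]         # operation groups removed or replaced

if __name__ == "__main__":
    for name, trace in [("same", SAME_DEVICE), ("slower", SLOWER_DEVICE),
                        ("stripped", STRIPPED)]:
        print(name, verify(trace))
```

Without the scale step the slower-device trace decodes as `?k??`, which is why this sketch compares relative rather than absolute times.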

    Table 4  Security comparison of typical watermarking algorithms

    Watermarking method    Security    Stealth    Watermark capacity    Complexity
    DMI[13]       ++++++
    GTW[14]       +++++++++
    CT[21]        ++++++++++
    AppInk[2]     +++++++++++
    SW_PET        ++++++++++
Article information
  • Corresponding author: BAO Xuhua, xuhua.bao@outlook.com
  • Received: 2019-11-01
  • Accepted: 2020-03-20
  • Published online: 2020-07-08